LotGDocker/lotgd-web/lotgd/lib/mail/case_write.php

172 lines
7.5 KiB
PHP
Raw Permalink Normal View History

2020-08-17 19:16:42 -04:00
<?php
$subject=httppost('subject');
$body="";
$row="";
$replyto = (int)httpget('replyto');
if ($session['user']['superuser'] & SU_IS_GAMEMASTER) {
$from = httppost('from');
}
if ($replyto!=""){
$mail = db_prefix("mail");
$accounts = db_prefix("accounts");
$sql = "SELECT ".$mail.".sent,".$mail.".body,".$mail.".msgfrom, ".$mail.".subject,".$accounts.".login, ".$accounts.".superuser, ".$accounts.".name FROM ".$mail." LEFT JOIN ".$accounts." ON ".$accounts.".acctid=".$mail.".msgfrom WHERE msgto=\"".$session['user']['acctid']."\" AND messageid=\"".$replyto."\"";
$result = db_query($sql);
if ($row = db_fetch_assoc($result)){
if ($row['login']=="") {
output("You cannot reply to a system message.`n");
$row=array();
}
}else{
output("Eek, no such message was found!`n");
}
}
$to = httpget('to');
if ($to){
$sql = "SELECT login,name, superuser FROM " . db_prefix("accounts") . " WHERE login=\"$to\"";
$result = db_query($sql);
if (!($row = db_fetch_assoc($result))){
output("Could not find that person.`n");
}
}
if (is_array($row)){
if (isset($row['subject']) && $row['subject']){
if ((int)$row['msgfrom']==0){
$row['name']=translate_inline("`i`^System`0`i");
// No translation for subject if it's not an array
$row_subject = @unserialize($row['subject']);
if ($row_subject !== false) {
$row['subject'] = call_user_func_array("sprintf_translate", $row_subject);
}
// No translation for body if it's not an array
$row_body = @unserialize($row['body']);
if ($row_body !== false) {
$row['body'] = call_user_func_array("sprintf_translate", $row_body);
}
}
$subject=$row['subject'];
if (strncmp($subject,"RE: ",4) !== 0 ) {
$subject="RE: $subject";
}
}
if (isset($row['body']) && $row['body']){
$body="\n\n---".sprintf_translate(array("Original Message from %s (%s)",sanitize($row['name']),date("Y-m-d H:i:s",strtotime($row['sent']))))."---\n".$row['body'];
}
}
rawoutput("<form action='mail.php?op=send' method='post'>");
if ($session['user']['superuser'] & SU_IS_GAMEMASTER) {
rawoutput("<input type='hidden' name='from' value='".htmlentities(stripslashes($from), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."'>");
}
rawoutput("<input type='hidden' name='returnto' value=\"".htmlentities(stripslashes(httpget("replyto")), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\">");
$superusers = array();
if (($session['user']['superuser'] & SU_IS_GAMEMASTER) && $from > "") {
output("`2From: `^%s`n", $from);
}
if (isset($row['login']) && $row['login']!=""){
output_notl("<input type='hidden' name='to' id='to' value=\"".htmlentities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\">",true);
output("`2To: `^%s`n",$row['name']);
if (($row['superuser'] & SU_GIVES_YOM_WARNING) && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
array_push($superusers,$row['login']);
}
}else{
output("`2To: ");
$to = httppost('to');
$sql = "SELECT login,name,superuser FROM accounts WHERE login = '".addslashes($to)."' AND locked = 0";
$result = db_query($sql);
$db_num_rows = db_num_rows($result);
if($db_num_rows != 1) {
$string="%";
$to_len = strlen($to);
for($x=0; $x < $to_len; ++$x) {
$string .= $to{$x}."%";
}
$sql = "SELECT login,name,superuser FROM " . db_prefix("accounts") . " WHERE name LIKE '".addslashes($string)."' AND locked=0 ORDER by login='$to' DESC, name='$to' DESC, login";
$result = db_query($sql);
$db_num_rows = db_num_rows($result);
}
if ($db_num_rows==1){
$row = db_fetch_assoc($result);
output_notl("<input type='hidden' id='to' name='to' value=\"".htmlentities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\">",true);
output_notl("`^{$row['name']}`n");
if (($row['superuser'] & SU_GIVES_YOM_WARNING) && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
array_push($superusers,$row['login']);
}
}elseif ($db_num_rows==0){
output("`\$No one was found who matches \"%s\".`n",stripslashes($to));
output("`@Please try again.`n");
httpset('prepop', $to, true);
rawoutput("</form>");
require("lib/mail/case_address.php");
popup_footer();
}else{
output_notl("<select name='to' id='to' onchange='check_su_warning();'>",true);
$superusers = array();
while($row = db_fetch_assoc($result)) {
output_notl("<option value=\"".htmlentities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\">",true);
require_once("lib/sanitize.php");
output_notl("%s", full_sanitize($row['name']));
if (($row['superuser'] & SU_GIVES_YOM_WARNING) && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
array_push($superusers,$row['login']);
}
}
output_notl("</select>`n",true);
}
}
rawoutput("<script type='text/javascript'>var superusers = new Array();");
foreach($superusers as $val) {
rawoutput(" superusers['".addslashes($val)."'] = true;");
}
rawoutput("</script>");
output("`2Subject:");
rawoutput("<input name='subject' value=\"".htmlentities($subject).htmlentities(stripslashes(httpget('subject')), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\"><br>");
rawoutput("<div id='warning' style='visibility: hidden; display: none;'>");
output("`2Notice: `^$superusermessage`n");
rawoutput("</div>");
output("`2Body:`n");
require_once("lib/forms.php");
previewfield("body", "`^", false, false, array("type"=>"textarea", "class"=>"input", "cols"=>"60", "rows"=>"9", "onKeyDown"=>"sizeCount(this);"), htmlentities($body, ENT_COMPAT, getsetting("charset", "ISO-8859-1")).htmlentities(stripslashes(httpget('body')), ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
//rawoutput("<textarea name='body' id='textarea' class='input' cols='60' rows='9' onKeyUp='sizeCount(this);'>".htmlentities($body, ENT_COMPAT, getsetting("charset", "ISO-8859-1")).htmlentities(stripslashes(httpget('body')), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."</textarea><br>");
$send = translate_inline("Send");
rawoutput("<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td><input type='submit' class='button' value='$send'></td><td align='right'><div id='sizemsg'></div></td></tr></table>");
rawoutput("</form>");
$sizemsg = "`#Max message size is `@%s`#, you have `^XX`# characters left.";
$sizemsg = translate_inline($sizemsg);
$sizemsg = sprintf($sizemsg,getsetting("mailsizelimit",1024));
$sizemsgover = "`\$Max message size is `@%s`\$, you are over by `^XX`\$ characters!";
$sizemsgover = translate_inline($sizemsgover);
$sizemsgover = sprintf($sizemsgover,getsetting("mailsizelimit",1024));
$sizemsg = explode("XX",$sizemsg);
$sizemsgover = explode("XX",$sizemsgover);
$usize1 = addslashes("<span>".appoencode($sizemsg[0])."</span>");
$usize2 = addslashes("<span>".appoencode($sizemsg[1])."</span>");
$osize1 = addslashes("<span>".appoencode($sizemsgover[0])."</span>");
$osize2 = addslashes("<span>".appoencode($sizemsgover[1])."</span>");
rawoutput("
<script type='text/javascript'>
var maxlen = ".getsetting("mailsizelimit",1024).";
function sizeCount(box){
if (box==null) return;
var len = box.value.length;
var msg = '';
if (len <= maxlen){
msg = '$usize1'+(maxlen-len)+'$usize2';
}else{
msg = '$osize1'+(len-maxlen)+'$osize2';
}
document.getElementById('sizemsg').innerHTML = msg;
}
sizeCount(document.getElementById('inputbody'));
function check_su_warning(){
var to = document.getElementById('to');
var warning = document.getElementById('warning');
if (superusers[to.value]){
warning.style.visibility = 'visible';
warning.style.display = 'inline';
}else{
warning.style.visibility = 'hidden';
warning.style.display = 'none';
}
}
check_su_warning();
</script>");
?>